929.02  STATEMENT OF POLICY.
   (a)    Definition of Sensitive Information.  Sensitive information includes the following items whether stored in electronic or printed format:
      (1)    Credit Card information, including any of the following:
         A.   Credit Card number (in part or whole);
         B.   Credit Card expiration date;
         C.   Cardholder name;
         D.   Cardholder address.
      (2)     Tax identification numbers, including:
         A.   Social Security Number;
         B.   Business identification number;
         C.   Employer identification numbers.
      (3)    Payroll information, including, among other information:
         A.   Paychecks;
         B.   Pay stubs.
      (4)    Cafeteria plan check requests and associated paperwork.
      (5)    Medical Information for any employee or customer, including but not limited to:
         A.   Doctor names and claims;
         B.   Insurance Claims;
         C.   Prescriptions;
         D.   Any related personal medical information.
      (6)    Other personal information belonging to any customer, employee or contractor, examples of which include:
         A.   Date of birth;
         B.   Address;
         C.   Phone Numbers;
         D.   Maiden Name;
         E.   Names;
         F.   Customer number.
   (b)    Municipal personnel are encouraged to use common sense judgment in securing  confidential information to the proper extent. Furthermore, this section should be read in conjunction with Ohio Public Records Act and the Village’s open records policy.  If an employee is uncertain of the sensitivity of a particular piece of information, he/she should contact their supervisor.  In the event that the Village cannot resolve a conflict between this policy and the Ohio Public Records Act, the Village will contact the Solicitor.
   (c)    When a customer of the Village has made application and been provided a confidential identification password by the Village, Village Employees will be permitted to share sensitive information with the customer, upon disclosure of the password over the telephone.
(Ord. 08-23.  Passed 10-24-08.)